Update dependencies version (#729)
* fix: docker/development/Dockerfile to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-ALPINE318-OPENSSL-6032386
- https://snyk.io/vuln/SNYK-ALPINE318-OPENSSL-6032386
- https://snyk.io/vuln/SNYK-ALPINE318-OPENSSL-6055795
- https://snyk.io/vuln/SNYK-ALPINE318-OPENSSL-6055795
- https://snyk.io/vuln/SNYK-ALPINE318-SQLITE-6179217

* Upgraded base image in Dockerfiles to solve vulnerabilities

* Reverted base image tag and added line to upgrade dependencies in the image; upgraded dependency in requirements.txt

* Updated executor image tag

* Updated dependency version

* Updated dependency version

* Updated dependency version

* Updated dependency version

* Updated Django version

* Updated deprecated keys in circleci config and executor image tag

* Updated executor image tag

---------

Co-authored-by: snyk-bot <snyk-bot@snyk.io>
giulio-giunta and snyk-bot authored Jun 2, 2024
1 parent 802bac1 commit e33ba6d
Showing 5 changed files with 19 additions and 13 deletions.
10 changes: 5 additions & 5 deletions .circleci/config.yml
Expand Up @@ -8,7 +8,7 @@ jobs:
steps:
- checkout
- setup_remote_docker:
version: 20.10.14
version: default
- run:
name: Skip ci
command: |
Expand Down Expand Up @@ -49,13 +49,13 @@ jobs:
name: Run Snyk scan on backend image
command: |
snyk test --docker geekzone/backend:$TAG --severity-threshold=high --fail-on=all
- deploy:
- run:
name: Push frontend image to Docker Hub
background: true
command: |
docker login -u $DOCKER_USERNAME -p $DOCKER_PASSWORD
docker push geekzone/frontend:$TAG
- deploy:
- run:
name: Push backend image to Docker Hub
command: |
docker login -u $DOCKER_USERNAME -p $DOCKER_PASSWORD
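Review bot: both push steps in this hunk still run `docker login -u $DOCKER_USERNAME -p $DOCKER_PASSWORD`, which passes the registry password as a command-line argument where it is visible in the process list and makes Docker print its insecure-password warning. While these steps are being converted from `deploy` to `run`, switch them to `echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin`. The frontend push also keeps `background: true`, so confirm the job cannot finish before that push has completed.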
Expand All @@ -72,7 +72,7 @@ jobs:
deploy-test:
docker:
- image: "geekzone/infra:0.1.410"
- image: "geekzone/infra:0.1.421"
environment:
TAG: 0.1.<< pipeline.number >>
steps:
Expand Down Expand Up @@ -109,7 +109,7 @@ jobs:
deploy-prod:
docker:
- image: "geekzone/infra:0.1.410"
- image: "geekzone/infra:0.1.421"
environment:
TAG: 0.1.<< pipeline.number >>
steps:
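Review bot: `geekzone/infra:0.1.421` is hard-coded in both `deploy-test` and `deploy-prod`, and this commit had to bump the two copies separately. Define the image once (a reusable `executors:` entry or a YAML anchor) so the two jobs cannot drift apart, and consider pinning it by digest, since a tag can be re-pushed with different content.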
6 changes: 4 additions & 2 deletions docker/backend/Dockerfile
@@ -1,11 +1,13 @@
FROM python:3.12.0rc2-alpine
FROM python:3.13.0a5-alpine

RUN apk update && \
apk add --update --virtual build-deps gcc libc-dev linux-headers && \
apk add jpeg-dev zlib-dev libpq python3-dev && \
apk add jpeg-dev zlib-dev libpq=16.2-r1 python3-dev && \
apk add postgresql-dev && \
apk add netcat-openbsd

RUN apk upgrade

ENV PYTHONDONTWRITEBYTECODE 1
ENV PYTHONUNBUFFERED 1

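Review bot: the new base image on the first line, `python:3.13.0a5-alpine`, is an alpha pre-release; it replaces a release candidate with an earlier-stage build in a change whose stated goal is to reduce vulnerabilities. Use a stable release tag (for example a `3.12.x-alpine` image) so the runtime receives fixes through normal point releases. The exact pin `libpq=16.2-r1` sits on a base tag that does not fix the Alpine release, so the build will fail once the Alpine repository stops carrying that revision; either fix the Alpine version in the base tag as well or drop the exact pin.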
2 changes: 2 additions & 0 deletions docker/development/Dockerfile
Expand Up @@ -6,6 +6,8 @@ RUN apk update && \
apk add postgresql-dev && \
apk add netcat-openbsd

RUN apk upgrade

RUN apk add --update nodejs-current npm

ENV PYTHONDONTWRITEBYTECODE 1
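Review bot: `RUN apk upgrade` is added as its own layer and depends on the package index fetched by the earlier `RUN apk update && \` layer, so with Docker layer caching it is evaluated once and then reused; later rebuilds will not pick up new fixes unless the cache is invalidated. Fold the upgrade into the existing `apk update` chain or use `apk upgrade --no-cache`, and rebuild without cache on a schedule. An unpinned upgrade also means the package set changes between builds, so keep the image scan as the gate for what actually ships.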
4 changes: 3 additions & 1 deletion docker/proxy/Dockerfile
Expand Up @@ -6,6 +6,8 @@ RUN apk update && \
apk add postgresql-dev && \
apk add netcat-openbsd

RUN apk upgrade

WORKDIR /usr/src/app

COPY . .
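Review bot: this `RUN apk upgrade` is added to the first stage of the file, and a later `FROM nginx...` line starts a new stage, so unless the image is built with an explicit target the packages upgraded here are not the ones in the final image. The nginx stage already runs `RUN apk update && apk upgrade`; state which image this upgrade is meant to fix, or drop it from the first stage if that stage is not shipped.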
Expand All @@ -14,7 +16,7 @@ RUN ["python", "manage.py", "collectstatic"]

CMD [ "gunicorn", "web.wsgi", "-b 0.0.0.0:8000" ]

FROM nginx:1.25.3-alpine3.18
FROM nginx:alpine

RUN apk update && apk upgrade

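Review bot: `FROM nginx:alpine` replaces the pinned `nginx:1.25.3-alpine3.18` with a floating tag, so each build can pull a different nginx and Alpine release and a scan result can no longer be tied to a known base. Pin a specific newer `nginx:<version>-alpine<release>` tag, ideally together with its digest, and bump it deliberately when a fix is needed.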
10 changes: 5 additions & 5 deletions requirements.txt
Expand Up @@ -4,22 +4,22 @@ beautifulsoup4==4.9.3
cached-property==1.5.2
certifi==2023.7.22
chardet==4.0.0
Django==4.2.7
Django==4.2.11
django-environ==0.4.5
django-extensions==3.1.1
django-livereload-server~=0.3
django-probes~=1.6
django-tailwind~=3.3.0
django-widget-tweaks~=1.4
idna==2.10
idna==3.7
importlib-metadata>=6.6.0
Pillow==10.0.1
psycopg2==2.9.6
Pillow==10.3.0
psycopg[c]==3.1.18
pytz==2023.3
requests==2.31.0
six==1.16.0
soupsieve~=2.2
sqlparse==0.4.4
sqlparse==0.5.0
stripe==5.4.0
tornado==6.3.3
urllib3>=2.0.7
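Review bot: `psycopg2==2.9.6` becomes `psycopg[c]==3.1.18`, which is a switch to a different package (psycopg 3, imported as `psycopg`) rather than a version bump, yet it is listed among routine upgrades. Check that nothing in the project imports `psycopg2` directly, and call the driver change out in the commit message. The `[c]` extra compiles against libpq at install time, so every image that installs this file needs the compiler and PostgreSQL headers present.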